[openbeos] Re: OBOS Security

  • From: Clay Vincent Schentrup <cvs@xxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Wed, 07 Aug 2002 09:20:35 -0500

What makes anyone think BeOS could be susceptible to this problem, even if it 
_were_ multi-user?  Isn't the messaging system in the BeOS API completely 
different such that one can't spoof messages?  Any API that would allow this 
seems horribly written to me.

Clay

>Ingo Weinhold wrote:
>> This doesn't really make any sense for R1. The logged in user is always
>> root, so there is actually no need for any hacker to elevate their
>> privileges.
>Yes, forgot about that :)

>> For real multi-user, there are a couple of security issues to deal with,
>> and ports (on which messaging is based) are one of them. One could for
>> instance restrict sending data to/reading them from ports to teams with
>> sufficient rights. This will require some further thoughts about daemons
>> like the app_server or the registrar, which (at least the former) will
>> need root privileges, but will also need to communicate with user apps.
>I generally think that the best way to solve this, is to let the 
>application tell whether or not it wants messages from outside its team 
>- and if it wants those, then just from specific applications (though 
>this could probably be faked/spoofed).

>> However, unless I misinterpret Michael's answer to a multi-user related
>> question in the IRC Q&A session, *real* multi-user isn't a goal for OBOS
>> anyway (though I personally think, that's a pity).
>Yes, but the longer we wait, the more apps will break. So if we decide 
>(sometime in the future) that we want to fix this, and go multiuser, 
>we'd break a lot of applications... Therefore we might want to do this 
>for R2 at least?

>Besides - *no one* knows where R2 will go, yet - not even Michael
>Phipps :P

>/Brian Matzon


